
<?php 
include("connection.php");

//get form data
	$id = $_POST['username'];
	$password = $_POST['password'];
	
	
// To protect MySQL injection (more detail about MySQL injection)
$id = stripslashes($id);
$password = stripslashes($password);
$id = mysql_real_escape_string($id);
$password = mysql_real_escape_string($password);
$sql="SELECT * FROM login  WHERE id='$id' and password='$password'";
$result=mysql_query($sql);
// Mysql_num_row is counting table row
$count=mysql_num_rows($result);


// If result matched $myusername and $mypassword, table row must be 1 row
if($count==1){
// Register $myusername, $mypassword and redirect to file "login_success.php"
if($id=='081120096'){
header("location:ADMINLOGGEDIN.php");
}else{
header("location:home.php");
}
}

else {
echo "Wrong Username or Password";
}


?>


<div align="center"></div>
</body>
</html>
